Setting up trust between Administration Console and BI Server

By default, the BI Server will trust PAC if PAC is accessed via localhost or 127.0.0.1. "Trust" here means that any requests from a configured set of IP addresses are assumed pre-authenticated. Pre-authenticated means that the caller (i.e. PAC) took care of authenticating the user. PAC never sends a password; all that is communicated between PAC and the BI Server is the name of the user as which to run.

  1. Stop PAC.
  2. Stop the BI Server.
  3. Open biserver-ce/tomcat/webapps/pentaho/WEB-INF/web.xml.
    1. Search for TrustedIpAddrs.
    2. The param-value immediately below TrustedIpAddrs is a comma-separated list of IP addresses that should be trusted. Add the IP address of the host running PAC.
  4. Open administration-console/resource/config/console.xml.
    1. Search for platform-username.
    2. Replace the value (default is joe) with the username of an admin as which the BI Server should run all requests.
  5. Start the BI Server.
  6. Start PAC.

Troubleshooting

  • If the IP address is configured incorrectly, you will get the following error dialog in PAC:

    Unable to connect to BI Server. Confirm user credentials and web setting XML configuration.

  • If the username in console.xml is not found, you will get the following error dialog in PAC:

    HTTP/1.1 500 Internal Server Error

    And in the server log you will see the following error:

    org.springframework.security.userdetails.UsernameNotFoundException: User not found